Access control list (ACL)
- Owner
- Read/write
- Read
- No access
These access types map to either the Read-and-List or List-Only ACL. The ACL is a sub-resource that is attached to every bucket and object. It grants users read, write, or full-control permissions. The following table shows the common ACL behavior; the one behavior that is not S3-compliant is explicitly noted.
| Permissions | ACL |
|---|---|
| Read | Allow grantee to list objects in the bucket. Note: The system's Object Access property determines the behavior of the READ ACL. It can be configured with one of the following: |
| Write (Read/Write) | Allow grantee to create, overwrite, and delete any object in the bucket. |
| Read_ACP | Not supported. The default is full_control, implied by the bucket "owner" permission. |
| Write_ACP | Not supported. Default is full_control. |
| Full_control (owner) | Allows grantee read, write, read_ACP, and write_ACP permissions on the bucket. |
A system administrator can grant a user READ permission on an individual object using the Cloud Storage Object API's PUT Object ACL operation.
In Vault Mode, a vault cannot be granted to any grantee with "Owner" permission. A system administrator can also configure whether the end user can use storage APIs (for example: SOH and S3) to create new vaults or delete existing vaults using the Provisioning API defined in the Manager REST API Development Guide.
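The following is an added example, not code from the product documentation: a pre-flight check that parses an S3-style `AccessControlPolicy` body before it is sent with PUT Object ACL and reports grants using the permissions the table above marks as not supported. The sample ACL and its IDs are constructed, and treating FULL_CONTROL for a grantee other than the owner as a review item is an assumption of this example, not documented system behavior.

```python
import xml.etree.ElementTree as ET

NS = "{http://s3.amazonaws.com/doc/2006-03-01/}"  # standard S3 ACL XML namespace
UNSUPPORTED = {"READ_ACP", "WRITE_ACP"}  # rows marked "Not supported" in the table
KNOWN = {"READ", "WRITE", "FULL_CONTROL"} | UNSUPPORTED
XSI = 'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser"'


def _grant(uid, perm):
    """Build one <Grant> element for the constructed sample below."""
    return (f"<Grant><Grantee {XSI}><ID>{uid}</ID></Grantee>"
            f"<Permission>{perm}</Permission></Grant>")


# Constructed sample ACL body; the IDs are placeholders, not real accounts.
SAMPLE_ACL = (
    '<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">'
    "<Owner><ID>owner-example</ID></Owner><AccessControlList>"
    + _grant("owner-example", "FULL_CONTROL")
    + _grant("user-a-example", "READ")
    + _grant("user-b-example", "WRITE_ACP")
    + _grant("user-c-example", "FULL_CONTROL")
    + "</AccessControlList></AccessControlPolicy>"
)


def audit_acl(xml_text):
    """Return (grantee, permission, finding) for every grant in the ACL.

    Intended for ACL bodies you generated yourself; do not feed it untrusted XML.
    """
    root = ET.fromstring(xml_text)
    owner = root.findtext(f"{NS}Owner/{NS}ID")
    results = []
    for grant in root.iter(f"{NS}Grant"):
        who = grant.findtext(f"{NS}Grantee/{NS}ID") or grant.findtext(f"{NS}Grantee/{NS}URI")
        perm = (grant.findtext(f"{NS}Permission") or "").strip().upper()
        if perm not in KNOWN:
            finding = "unknown permission"
        elif perm in UNSUPPORTED:
            finding = "not supported per table"
        elif perm == "FULL_CONTROL" and who != owner:
            finding = "full control for non-owner: review"  # assumption of this example
        else:
            finding = "ok"
        results.append((who, perm, finding))
    return results


if __name__ == "__main__":
    for row in audit_acl(SAMPLE_ACL):
        print(*row, sep="\t")
```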